User Administration and Identity Management in ABAP Systems
With the user administration, you create the prerequisites for your employees being able to work in the SAP system.
Create a user master record for every employee. In addition to technical administration data, the user master record includes the authorizations included in roles and profiles that allow the user to execute actions in the SAP system.
For information about the fundamentals of user and authorization administration in ABAP systems, see the SAP Library under AS ABAP Authorization Concept.
The most important tools for user and role maintenance are listed below:
-
User Maintenance (transactions SU01, SU10)
-
Role Maintenance (transaction PFCG)
-
Indirect role assignment using HR-ORG
-
User Information System (transaction SUIM)
-
Central User Administration (transactions PFCG, SM59, SU01, SCUA, SCUM, SCUG, SUGR, SCUL)
The central tasks of user and role maintenance are listed below:
| Task | Information |
|---|---|
|
Maintain users (create, change, delete, and so on) |
|
|
Maintain roles (create, change, delete, and so on) |
|
|
Assign roles to users |
|
|
Mass changes of user data |
|
|
Logging off inactive users |
|
|
Maintain Internet users |
|
|
Setting Password Controls |
These tasks go beyond purely administering the users of the ABAP systems but, depending on the system landscape, may affect user administration.
| Task | Information |
|---|---|
|
Setting up and operating Central User Administration |
|
|
Setting up a directory service and synchronizing the ABAP user administration with an LDAP-compatible directory service |
Although the following tasks go beyond daily user administration, they are necessary for successful long-term operation.
| Task | Information |
|---|---|
|
Comparing Users |
|
|
Using the central repository for personalization data |
|
|
Maintaining defaults and options for users |
|
|
Using the User Information System |
|
|
Performing a first installation |
|
|
Performing an upgrade |